|
 |
2ff057 |
.TH "RPMKEYS" "8" "29 October 2010" "Red Hat, Inc"
|
|
|
2ff057 |
.SH NAME
|
|
|
2ff057 |
rpmkeys \- RPM Keyring
|
|
|
2ff057 |
.SH SYNOPSIS
|
|
|
2ff057 |
.PP
|
|
|
2ff057 |
|
|
|
2ff057 |
\fBrpmkeys\fR {\fB--import|--checksig\fR}
|
|
|
2ff057 |
|
|
|
2ff057 |
.SH "DESCRIPTION"
|
|
|
2ff057 |
.PP
|
|
|
2ff057 |
The general forms of rpm digital signature commands are
|
|
|
2ff057 |
.PP
|
|
|
2ff057 |
|
|
|
2ff057 |
\fBrpmkeys\fR \fB--import\fR \fB\fIPUBKEY\fB\fR\fI ...\fR
|
|
|
2ff057 |
|
|
|
2ff057 |
\fBrpmkeys\fR {\fB-K|--checksig\fR} \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
|
|
|
2ff057 |
|
|
|
2ff057 |
.\" These are not implemented yet...
|
|
|
2ff057 |
.\" \fBrpm\fR \fB--list-key[s]\fR \fB\fIKEY_ID\fB\fR\fI ...\fR
|
|
|
2ff057 |
.\"
|
|
|
2ff057 |
.\" \fBrpm\fR \fB--delete-key[s]\fR \fB\fIKEY_ID\fB\fR\fI ...\fR
|
|
|
2ff057 |
.\"
|
|
|
2ff057 |
|
|
|
2ff057 |
.PP
|
|
|
2ff057 |
The \fB--checksig\fR option checks all the digests and signatures contained in
|
|
|
2ff057 |
\fIPACKAGE_FILE\fR to ensure
|
|
|
2ff057 |
the integrity and origin of the package. Note that
|
|
|
2ff057 |
signatures are now verified whenever a package is read,
|
|
|
2ff057 |
and \fB--checksig\fR is useful to verify
|
|
|
2ff057 |
all of the digests and signatures associated with a package.
|
|
|
2ff057 |
.PP
|
|
|
2ff057 |
Digital signatures cannot be verified without a public key.
|
|
|
2ff057 |
An ASCII armored public key can be added to the \fBrpm\fR database
|
|
|
2ff057 |
using \fB--import\fR. An imported public key is
|
|
|
2ff057 |
carried in a header, and key ring management is performed
|
|
|
2ff057 |
exactly like package management. For example, all currently imported
|
|
|
2ff057 |
public keys can be displayed by:
|
|
|
2ff057 |
.PP
|
|
|
2ff057 |
\fBrpm -qa gpg-pubkey*\fR
|
|
|
2ff057 |
.PP
|
|
|
2ff057 |
Details about a specific public key, when imported, can be displayed
|
|
|
2ff057 |
by querying. Here's information about the Red Hat GPG/DSA key:
|
|
|
2ff057 |
.PP
|
|
|
2ff057 |
\fBrpm -qi gpg-pubkey-db42a60e\fR
|
|
|
2ff057 |
.PP
|
|
|
2ff057 |
Finally, public keys can be erased after importing just like
|
|
|
2ff057 |
packages. Here's how to remove the Red Hat GPG/DSA key
|
|
|
2ff057 |
.PP
|
|
|
2ff057 |
\fBrpm -e gpg-pubkey-db42a60e\fR
|
|
|
2ff057 |
.PP
|
|
|
2ff057 |
|
|
|
2ff057 |
.SH "SEE ALSO"
|
|
|
2ff057 |
.nf
|
|
|
2ff057 |
\fBpopt\fR(3),
|
|
|
2ff057 |
\fBrpm\fR(8),
|
|
|
2ff057 |
\fBrpmdb\fR(8),
|
|
|
2ff057 |
\fBrpmsign\fR(8),
|
|
|
2ff057 |
\fBrpm2cpio\fR(8),
|
|
|
2ff057 |
\fBrpmbuild\fR(8),
|
|
|
2ff057 |
\fBrpmspec\fR(8),
|
|
|
2ff057 |
.fi
|
|
|
2ff057 |
|
|
|
2ff057 |
\fBrpmkeys --help\fR - as rpm supports customizing the options via popt aliases
|
|
|
2ff057 |
it's impossible to guarantee that what's described in the manual matches
|
|
|
2ff057 |
what's available.
|
|
|
2ff057 |
|
|
|
2ff057 |
|
|
|
2ff057 |
\fBhttp://www.rpm.org/ <URL:http://www.rpm.org/>
|
|
|
2ff057 |
\fR
|
|
|
2ff057 |
.SH "AUTHORS"
|
|
|
2ff057 |
|
|
|
2ff057 |
.nf
|
|
|
2ff057 |
Marc Ewing <marc@redhat.com>
|
|
|
2ff057 |
Jeff Johnson <jbj@redhat.com>
|
|
|
2ff057 |
Erik Troan <ewt@redhat.com>
|
|
|
2ff057 |
Panu Matilainen <pmatilai@redhat.com>
|
|
|
2ff057 |
.fi
|